Solved: Set up VSAN Witness on separate subnet

billoneil · ‎07-27-2017

I have a setup with 2 VSAN nodes on the same subnet (management + VSAN) and a witness VM on a different subnet (L3, VSAN and management are on the same subnet).

Right now I get the errors "Witness host not found" and "Multicast assessment based on other checks".

Ping works between all three nodes (even with ping -I vmk1 on the witness, so it works through the VSAN interface) and ping -s 1472 -d works as well.

Is multicast required for the witness host in VSAN 6.2, or is there some other issue I am not aware of?

TheBobkin · ‎07-28-2017

Hello Bill,

Apologies for assuming it was the same cluster, fair enough.

It's possible that it didn't pick up the change you made without cluster leave and re-join.

Generally I have found that if after everything looks to be configured correctly and leave/join doesn't resolve that it can be least hassle to just deploy a new Witness, this doesn't seem to happen in 6.5/6.6 though.

Bob

View solution in original post

TheBobkin · ‎07-27-2017

Hello Bill,

You may need to set up static routes for default gateways, more info here:

communities.vmware.com/thread/527804

storagehub.vmware.com/#!/vmware-vsan/vsan-operations-guide/creating-a-static-route-for-vsan-networking-1

Node to Witness uses Unicast, so not sure why you are seeing Multicast alerts - does this specify hosts triggering this alert and if so which?

'Witness not found' likely caused by either Networking config as per the above or incorrect set-up of stretched-cluster, you never elaborated in your other question which I asked you some things on (communities.vmware.com/thread/568798).

Bob

billoneil · ‎07-28-2017

This is a different system from that question.

And it doesn't seem like a routing issue. All the VSAN interfaces can ping each other just fine (the small and large ping tests pass). The "multicast assessment based on other checks" doesn't say which hosts are affected, but there is a cluster partition; the witness in one, and the two nodes in the other.

The only issue I had when I first set it up is I didn't realize the VSAN interface on the witness was separate and so its IP address was not set initially, but that was fixed.

Edit: I removed and re-added the witness host and that seems to have fixed it.

TheBobkin · ‎07-28-2017

Hello Bill,

Apologies for assuming it was the same cluster, fair enough.

It's possible that it didn't pick up the change you made without cluster leave and re-join.

Generally I have found that if after everything looks to be configured correctly and leave/join doesn't resolve that it can be least hassle to just deploy a new Witness, this doesn't seem to happen in 6.5/6.6 though.

Bob